Netgate Discussion Forum

    FYI - UDP Flood XAMPP Exploit

      jits

      Just thought I'd pass this on in case anyone could use it…

      I'm running PFsense 2.2.1 latest, and greatest of course...

      Our company moved location and we've just brought the network back online connecting the various locations using Ubiquiti equipment.
      I've downloaded and installed Squid 3, taking into account the 4 locations now using PFsense at the center of them all, being the 'gateway'.

      So, after installing and configuring squid 3, I noticed the CPU usage was at 17%. I thought this was a result of squid and general usage.
      However, tonight I just happened to check our CAS servers, and noticed one of them sending over 800mbits/s of traffic. Well, we don't have that kind of link. Our internet link is a mere 7Mbits, so..what the??

      Turns out, XAMPP WEBDEV server was hacked and exploited with malicious PHP files uploaded. Apache server logs erased.

      httpd.exe was disabled, and UDP flood terminated. PFsense CPU usage went down to between 0% and 5%.

      Just goes to show what happens when you assume and take things for granted. Details attached...

      PFSense.png
      ![CAS Bandwidth.jpg](/public/imported_attachments/1/CAS Bandwidth.jpg)
